5 tips to not get hacked in 2025

We unknowingly open our doors to strangers and expect them not to come in. By this, I mean we make these mistakes on a day-to-day basis and expect some miracle to prevent us from getting hacked. Having a smart device connected to the internet automatically puts you on the radar to get hacked, yet we do not take precautions to safeguard our data.
Whether through errors in the software we use or through mistakes we make while using our devices, we expose ourselves to prying hackers who steal our data.
So, how do you know if you have been hacked?
- Your device gets hot or slows down easily because malware makes use of excess resources in the background.
- You notice advertisements of products you have no interest in and haven’t searched for.
- You see strange or suspicious login alerts, whether through Gmail, Facebook, or other notifications.
- You receive sudden password change confirmations from a region far from you.
- For an app like Spotify, noticing someone has been listening to artists you don’t regularly listen to
- You can also visit haveibeenpwned.com to check whether your email address has shown up in a known data breach.
So now that you have figured out that your device is not hacked, here are
5 tips to not get hacked in 2025
Don’t worry, even if you have already been hacked. Read on for solutions to this problem.
1. Turn on 2-factor authentication: The first step to safeguard your data from being hacked is to reduce the chance of exposure. Enabling two-factor authentication for as many of your accounts as you can is undoubtedly the best way to safeguard your online accounts. This method makes use of a secondary piece of information, a code generated by an app or sent via SMS, in addition to a password. This additional piece of information helps to prove that you are the one attempting to log in, as codes are frequently accessed on the phone in your pocket. Even if you have an easily guessable password (we’ll get to that shortly), an attacker is unlikely to gain access to an account with multi-factor authentication enabled unless they have your phone.
You should turn it on for all the accounts that hold personal information that could be abused: messaging apps such as WhatsApp, social media including Facebook, Instagram, and Twitter, and your email accounts.
Not all forms of multi-factor authentication are equal, though. Code-generating apps are considered more secure than getting codes via SMS, and beyond that, physical security keys provide an even more robust layer of protection.

The best ways to implement a multifactor authenticator to prevent getting hacked
- Make use of MFA that is resistant to phishing, such as FIDO2 keys or hardware tokens.
- Use MFA for admin accounts, remote access tools, and Microsoft 365.
- Use authentication apps instead of SMS-based multi-factor authentication (MFA) whenever you can to further prevent hacking.
- Put adaptive MFA into practice (only ask for extra verification when access is unusual).
A hacker with your credentials won’t get very far with MFA. It’s similar to having a secret code that only you can use to enter your virtual world. MFA is a strong defense against hackers who steal your login information by using malware or vulnerabilities.
2. Use a password manager and create stronger passwords:
If you notice you have already been hacked, then the first thing to do, assuming the hacker has not logged you out of your account, is to change all your passwords immediately before turning on 2-factor authentication.
We need to get more creative with our passwords. It’s 2025; if your password looks anything like “Danny1234” or your birthday or a popular nickname that is easy to guess as a password, then you should run to those accounts right now to change them.
We get that you don’t want to forget your password, especially for the finance accounts. We don’t judge you for it, but you need to understand that easy passwords like these are an open invitation to hackers.
What passwords are strong, you may be wondering? Well, they should have at least:
- One capital letter
- One small letter
- At least 8 characters; the more the better
- One special character
- One numerical character
We understand that it can be hectic trying to think up such passwords, so we simplified it: use a password manager.
Pro Tip: Google Account Manager keeps an eye out for questionable account login attempts and warns you before hackers gain access. You can use the Google Account Manager to review saved passwords, remove any you don’t recognize, and secure your account by updating weak or exposed passwords.
Remembering all your passwords, keeping tabs on them, and noticing when some of them have been compromised would be nearly impossible without a password manager. Password managers suggest strong passwords that you don’t have to remember because they are automatically saved on your device. (There is a precaution to this.) A highly recommended password manager that mostly comes with creating a Google account is the Google Password Manager.
3. Recognize phishing scams: My Instagram account got hacked because, at the time, I couldn’t tell the difference between a safe link and a phishing scam. Yes, I had 2FA on, but I could not recover that account. Phishing is one of the biggest tricks scammers use to steal information, and it works by making you believe you’re talking to a real organization like your bank, email provider, delivery service, or even someone you know. They use emails, texts, WhatsApp messages, calls, or fake websites to pressure you into giving sensitive details such as your password, OTPs, card numbers, or personal information. Their messages often contain links that look normal at first glance but lead to fake websites that copy the look of real ones. Once you type in your details, the scammer collects them instantly.
A common warning sign is urgency. Scammers enjoy sending messages that scare people, for instance, “Your account will be closed today,” “Your ATM card is blocked,” or “Unauthorized login detected…verify now.” They want you to panic and react without thinking. Real businesses rarely use threatening language. You may also notice that their messages may contain spelling errors, unusual grammar, and strange greetings. Many will boldly request your password, OTP, credit card information, or other sensitive information. No genuine company, bank, or service will ever request these. Some scammers even claim that you must pay a small “verification fee” or “delivery fee” to unlock something—another obvious sign of fraud.
The most dangerous method involves scammers sending a link that opens a fake login page for your bank, email, Facebook, Instagram, or Apple ID. Everything looks real, but the web address is slightly off. Once you enter your details, they’re gone, like in my case. The safest approach is to avoid clicking unexpected links entirely. If your bank, delivery company, or email provider truly needs you, open your browser and type the official website yourself. Also, never share your OTP with anyone, even if they claim to be customer care.
If anything feels off—even a little—pause and double-check. Phishing works because people rush. You stay protected by slowing down, verifying the sender, ignoring suspicious links, and trusting your instincts.
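The "web address is slightly off" warning sign, as an added example that is not part of the original post: a small Python check that compares a link's hostname with the sites you actually use. The domain list, function names and the last-two-labels shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration: the sites you really log in to.
OFFICIAL_DOMAINS = {"instagram.com", "facebook.com", "apple.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str) -> str:
    """Return 'official', 'lookalike', 'suspicious' or 'unknown' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # No host, no HTTPS, or a "user@" prefix that hides the real host.
    if not host or parts.scheme != "https" or parts.username is not None:
        return "suspicious"
    # Punycode labels can display as letters that imitate another alphabet.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"
    # Exact domain, or a true subdomain of it such as www.instagram.com.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Naive registrable domain: last two labels (assumption: no public suffix list).
    registrable = ".".join(host.split(".")[-2:])
    for d in OFFICIAL_DOMAINS:
        brand = d.split(".")[0]
        # Brand name inside someone else's hostname, or a near-miss spelling.
        if brand in host or edit_distance(registrable, d) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.instagram.com/accounts/login/",
                 "https://instagrarn.com/login",
                 "https://instagram.com.account-verify.example/login"):
        print(classify_link(link), link)
```

The substring test is deliberately strict, so an unrelated site whose name happens to contain a brand word is also flagged; "unknown" only means the link matched none of the listed sites, not that it is safe.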
4. Auto connect to Wi-Fi? Think again.
Public Wi-Fi might feel convenient, especially in cafés, airports, or malls, but it is one of the easiest ways for hackers to slip into your device without you realizing it. These networks are open to everyone, which means anyone, including attackers, can join. Hackers can sit on the same connection and quietly monitor what you’re doing online. When you join an unsecured network, your phone or laptop may send information without proper protection, and this makes it possible for someone nearby to intercept your browsing activity, steal your passwords, capture your login details, or track the websites you visit. Some hackers even create fake Wi-Fi networks with names that sound harmless, like “Free Airport Wi-Fi” or “Guest Wi-Fi,” just to lure people into connecting. Once you join, they can observe everything you do on that connection.
The danger increases when you use public Wi-Fi to log into sensitive accounts such as your bank app, email, or social media pages. The moment you type in your details, a skilled hacker on the same network can capture them.
Even something as simple as checking your email or opening your Instagram can expose you. Some attackers also send harmful code into websites you visit while on public Wi-Fi, which can secretly install unwanted programs or steal stored passwords on your device. It all happens quietly in the background, while you’re unsuspecting.
A safer approach is to wait until you are on a trusted, secure network before accessing sensitive information. If you must use public Wi-Fi, avoid logging into important accounts, and never enter your bank details or passwords. Using your phone’s mobile data is often much safer than connecting to any free Wi-Fi you see. You can also enable a VPN if you have one, because it adds a protective layer around your online activity. The main idea is simple: don’t assume public networks are harmless. Treat them with caution, stay alert, and prioritize your privacy and security over convenience.
5. Stop screenshotting secrets
Many people take screenshots of their passwords or OTPs for convenience, but this is one of the riskiest online habits you can have. When you save a screenshot of a password, it is saved in your phone’s gallery, which is typically linked to cloud backups like Google Photos, iCloud, or other storage apps. If any of these accounts are ever compromised, the attacker will not only see your photos, but also any screenshots you’ve taken, including passwords, bank OTPs, recovery codes, or private information you hoped to remember. Screenshots may appear harmless, but they are one of the easiest things for hackers to obtain once they have gained access to your device or cloud storage.
Another issue is that the screenshots are not always organized. You may forget that you saved them. They are mixed in with selfies, documents, and random photos, making it simple for someone with physical access to your phone to scroll through and find them. If you ever give your phone to a repairman, a friend, a stranger who offers to “help fix something,” or even a curious sibling, they can easily find sensitive screenshots. Hackers also use spyware and malicious apps to automatically scan your gallery for images containing numbers, text, or anything that resembles a password. Once discovered, they can extract the information immediately.
Use a trustworthy password manager rather than saving passwords in your gallery. Password managers are made to safely keep your login credentials and encrypt them, even in the event that someone manages to access your device. They also help you generate stronger passwords so you don’t rely on weak or repeated ones. If you ever need to remember a password, store it in the password manager rather than taking a screenshot. And if you already have sensitive screenshots sitting in your gallery, delete them immediately and replace them with secure password manager entries. This small change can protect your accounts and reduce the chances of a complete security breach.
Found out you have been hacked? Try:
To recover a hacked account, change your password immediately, making sure it is strong and unique. Log out of all devices to prevent future access. Enable two-factor authentication (2FA) to increase security. Check for and remove any unfamiliar devices from your account settings. Verify and restore any altered recovery information, such as email and security questions. Scan your device for malware with a security app. Check for any security alerts from email services. Check messages and transactions to identify and reverse any unauthorized activities. Inform your contacts if the hacker has misled them. Disconnect any unnecessary apps linked to your account.
Report the hack to the relevant platform for assistance. If you cannot log in, use the account recovery options provided by the platform. If bank details were compromised, take quick actions like blocking cards and disputing unauthorized transactions. Finally, strengthen your security moving forward by using unique passwords, avoiding public Wi-Fi for sensitive tasks, and regularly reviewing your security settings.